github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Mifare dictionary uploaded to spiffs using legacy function

Browse source
This commit is contained in:
Piotr Rzeszut 2024-12-25 21:08:44 +01:00
commit 5af815f271
4 changed files with 53 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

19
armsrc/appmain.c
View file

@ -2752,25 +2752,6 @@ static void PacketReceived(PacketCommandNG *packet) {
Flash_CheckBusy(BUSY_TIMEOUT); Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable(); Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0xC); Flash_Erase4k(spi_flash_pages64k - 1, 0xC);
} else if (payload->startidx == DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages64k)) {
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0x5);
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0x6);
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0x7);
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0x8);
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0x9);
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
Flash_Erase4k(spi_flash_pages64k - 1, 0xA);
} else if (payload->startidx == DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k)) { } else if (payload->startidx == DEFAULT_ICLASS_KEYS_OFFSET_P(spi_flash_pages64k)) {
Flash_CheckBusy(BUSY_TIMEOUT); Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable(); Flash_WriteEnable();

2
armsrc/mifarecmd.c
View file

@ -38,8 +38,6 @@
#include "spiffs.h" // spiffs #include "spiffs.h" // spiffs
#include "appmain.h" // print_stack_usage #include "appmain.h" // print_stack_usage
#define MF_KEYS_FILE "dict_mf.bin"
#ifndef HARDNESTED_AUTHENTICATION_TIMEOUT #ifndef HARDNESTED_AUTHENTICATION_TIMEOUT
# define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation) # define HARDNESTED_AUTHENTICATION_TIMEOUT 848 // card times out 1ms after wrong authentication (according to NXP documentation)
#endif #endif

94
client/src/cmdflashmem.c
View file

@ -192,7 +192,7 @@ static int CmdFlashMemLoad(const char *Cmd) {
CLIParserInit(&ctx, "mem load", CLIParserInit(&ctx, "mem load",
"Loads binary file into flash memory on device\n" "Loads binary file into flash memory on device\n"
"Warning: mem area to be written must have been wiped first\n" "Warning: mem area to be written must have been wiped first\n"
"( this is already taken care when loading dictionaries )", "( dictionaries are serviced as files in spiffs so no wipe is needed )",
"mem load -f myfile -> upload file myfile values at default offset 0\n" "mem load -f myfile -> upload file myfile values at default offset 0\n"
"mem load -f myfile -o 1024 -> upload file myfile values at offset 1024\n" "mem load -f myfile -o 1024 -> upload file myfile values at offset 1024\n"
"mem load -f mfc_default_keys -m -> upload MFC keys\n" "mem load -f mfc_default_keys -m -> upload MFC keys\n"
@ -217,6 +217,7 @@ static int CmdFlashMemLoad(const char *Cmd) {
bool is_t55xx = arg_get_lit(ctx, 4); bool is_t55xx = arg_get_lit(ctx, 4);
int fnlen = 0; int fnlen = 0;
char filename[FILE_PATH_SIZE] = {0}; char filename[FILE_PATH_SIZE] = {0};
char spiffsDest[32] = {0};
CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); CLIParamStrToBuf(arg_get_str(ctx, 5), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
CLIParserFree(ctx); CLIParserFree(ctx);
@ -246,22 +247,18 @@ static int CmdFlashMemLoad(const char *Cmd) {
switch (d) { switch (d) {
case DICTIONARY_MIFARE: case DICTIONARY_MIFARE:
offset = DEFAULT_MF_KEYS_OFFSET_P(spi_flash_pages);
keylen = 6; keylen = 6;
res = loadFileDICTIONARY(filename, data + 2, &datalen, keylen, &keycount); res = loadFileDICTIONARY(filename, data, &datalen, keylen, &keycount);
if (res || !keycount) { if (res || !keycount) {
free(data); free(data);
return PM3_EFILE; return PM3_EFILE;
} }
// limited space on flash mem if (datalen > FLASH_MEM_MAX_SIZE_P(spi_flash_pages)) {
if (keycount > DEFAULT_MF_KEYS_MAX) { PrintAndLogEx(ERR, "error, filesize is larger than available memory");
keycount = DEFAULT_MF_KEYS_MAX; free(data);
datalen = keycount * keylen; return PM3_EOVFLOW;
} }
strcpy_s(spiffsDest, 32, MF_KEYS_FILE);
data[0] = (keycount >> 0) & 0xFF;
data[1] = (keycount >> 8) & 0xFF;
datalen += 2;
break; break;
case DICTIONARY_T55XX: case DICTIONARY_T55XX:
offset = DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages); offset = DEFAULT_T55XX_KEYS_OFFSET_P(spi_flash_pages);
@ -326,44 +323,55 @@ static int CmdFlashMemLoad(const char *Cmd) {
uint32_t bytes_sent = 0; uint32_t bytes_sent = 0;
uint32_t bytes_remaining = datalen; uint32_t bytes_remaining = datalen;
// we will treat dictionary files as spiffs files, so we need to handle this here
// fast push mode if (d == DICTIONARY_MIFARE) {
g_conn.block_after_ACK = true; res = flashmem_spiffs_load(spiffsDest, data, datalen);
if (res != PM3_SUCCESS) {
while (bytes_remaining > 0) { PrintAndLogEx(FAILED, "Failed writing passwrods to file %s", spiffsDest);
uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining);
clearCommandBuffer();
flashmem_old_write_t payload = {
.startidx = offset + bytes_sent,
.len = bytes_in_packet,
};
memcpy(payload.data, data + bytes_sent, bytes_in_packet);
SendCommandNG(CMD_FLASHMEM_WRITE, (uint8_t *)&payload, sizeof(payload));
bytes_remaining -= bytes_in_packet;
bytes_sent += bytes_in_packet;
PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_FLASHMEM_WRITE, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
g_conn.block_after_ACK = false;
free(data); free(data);
return PM3_ETIMEOUT; return res;
}
PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%u")" passwords to file "_GREEN_("%s"), keycount, spiffsDest);
} else {
// fast push mode
g_conn.block_after_ACK = true;
while (bytes_remaining > 0) {
uint32_t bytes_in_packet = MIN(FLASH_MEM_BLOCK_SIZE, bytes_remaining);
clearCommandBuffer();
flashmem_old_write_t payload = {
.startidx = offset + bytes_sent,
.len = bytes_in_packet,
};
memcpy(payload.data, data + bytes_sent, bytes_in_packet);
SendCommandNG(CMD_FLASHMEM_WRITE, (uint8_t *)&payload, sizeof(payload));
bytes_remaining -= bytes_in_packet;
bytes_sent += bytes_in_packet;
PacketResponseNG resp;
if (WaitForResponseTimeout(CMD_FLASHMEM_WRITE, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
g_conn.block_after_ACK = false;
free(data);
return PM3_ETIMEOUT;
}
if (resp.status != PM3_SUCCESS) {
g_conn.block_after_ACK = false;
PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent);
free(data);
return PM3_EFLASH;
}
} }
if (resp.status != PM3_SUCCESS) { g_conn.block_after_ACK = false;
g_conn.block_after_ACK = false; PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu")" bytes to offset "_GREEN_("%u"), datalen, offset);
PrintAndLogEx(FAILED, "Flash write fail [offset %u]", bytes_sent);
free(data);
return PM3_EFLASH;
}
} }
g_conn.block_after_ACK = false;
free(data); free(data);
PrintAndLogEx(SUCCESS, "Wrote "_GREEN_("%zu")" bytes to offset "_GREEN_("%u"), datalen, offset);
return PM3_SUCCESS; return PM3_SUCCESS;
} }

2
include/pmflash.h
View file

@ -96,6 +96,8 @@
#endif #endif
// Reserved space for MIFARE Keys = 24 kb // Reserved space for MIFARE Keys = 24 kb
#define MF_KEYS_FILE "dict_mf.bin"
#ifndef DEFAULT_MF_KEYS_OFFSET #ifndef DEFAULT_MF_KEYS_OFFSET
# define DEFAULT_MF_KEYS_LEN (0x6000) # define DEFAULT_MF_KEYS_LEN (0x6000)
# define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN) # define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN)